From owner-freebsd-questions@freebsd.org Fri Oct 23 23:05:47 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 56CC7A1D5A0 for ; Fri, 23 Oct 2015 23:05:47 +0000 (UTC) (envelope-from karly@kipshouse.net) Received: from mgmt.ironboy.kipshouse.net (ironboy.kipshouse.net [IPv6:2001:470:835a:4242::42]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mx.kipshouse.net", Issuer "Starfield Secure Certificate Authority - G2" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id CF35713D0 for ; Fri, 23 Oct 2015 23:05:46 +0000 (UTC) (envelope-from karly@kipshouse.net) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kipshouse.org; i=@kipshouse.org; q=dns/txt; s=kh-ss; t=1445641547; x=1477177547; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; z=Date:=20Fri,=2023=20Oct=202015=2015:55:24=20-0700|From: =20Karl=20Young=20|To:=20"O.=20Hartm ann"=20|Cc:=20"Michael=20B. =20Eichorn"=20,=0D=0A=09freebsd-q uestions=20|Subject:=20Re: =20replace=20uname=20-a=20informational=20string |Message-ID:=20<20151023225524.GJ31202@mailboy.kipshouse. net>|References:=20<20151023090805.5484ce9b@freyja.zeit4. iv.bundesimmobilien.de>=0D=0A=20<1445622325.1169.29.camel @michaeleichorn.com>=0D=0A=20<20151023225424.49220466.oha rtman@zedat.fu-berlin.de>|MIME-Version:=201.0 |In-Reply-To:=20<20151023225424.49220466.ohartman@zedat.f u-berlin.de>; bh=jBtUdyFNjqXTQdzkcbbjqdHRcrgJXOy6jaoOKmkNr8Q=; b=BZmmSVeyCa3ALSAGmJEMDXiTDhFRcrkXqfVYziRM3PqU+xtBMh9pRoEI r6KyBHxz37dHukp1/Dr0ZXtL642cZimH8/UJzkHDXxaff5zewT1crKAGD Yz427OWT3h8htp4qZjC6hEA/fEHGL4OvUiGOJxGX5pTynDkoPDYU0VLAP KQldDus6ynjbynU/YmOqZB2IK2MKtn8/h8PMDyuANXilFDwGdrXWUHATO E5Dk5f40FXGdZ+xzcXZ5mkyu4NtZpijlQcu1EORm9mA13sp+UdlubpuqU m3nXEE6osJLrvgMPQNhoacLOEBeDAZOTV2Lm5YUxfWhgvsBHLGVcZlB53 w==; Authentication-Results: d2.ironport.kipshouse.net; dkim=neutral (message not signed) header.i=none Received-SPF: None (d2.ironport.kipshouse.net: no sender authenticity information available from domain of karly@kipshouse.org) identity=pra; client-ip=2001:470:835a:1010::26; receiver=d2.ironport.kipshouse.net; envelope-from="karly@kipshouse.net"; x-sender="karly@kipshouse.org"; x-conformance=sidf_compatible Received-SPF: None (d2.ironport.kipshouse.net: no sender authenticity information available from domain of karly@kipshouse.net) identity=mailfrom; client-ip=2001:470:835a:1010::26; receiver=d2.ironport.kipshouse.net; envelope-from="karly@kipshouse.net"; x-sender="karly@kipshouse.net"; x-conformance=sidf_compatible Received-SPF: None (d2.ironport.kipshouse.net: no sender authenticity information available from domain of postmaster@mailboy.kipshouse.net) identity=helo; client-ip=2001:470:835a:1010::26; receiver=d2.ironport.kipshouse.net; envelope-from="karly@kipshouse.net"; x-sender="postmaster@mailboy.kipshouse.net"; x-conformance=sidf_compatible X-SBRS: None X-MID: 178666 X-RemoteIP: 2001:470:835a:1010::26 X-RemoteHost: 2001:470:835a:1010::26, mailboypriv.kipshouse.net X-IronPort-AV: E=McAfee;i="5700,7163,7963"; a="178666" Received: from mailboypriv.kipshouse.net (HELO mailboy.kipshouse.net) ([IPv6:2001:470:835a:1010::26]) by d2.ironport.kipshouse.net with ESMTP; 23 Oct 2015 16:05:46 -0700 Received: by mailboy.kipshouse.net (Postfix, from userid 500) id E10CC436BC; Fri, 23 Oct 2015 15:55:24 -0700 (PDT) Date: Fri, 23 Oct 2015 15:55:24 -0700 From: Karl Young To: "O. Hartmann" Cc: "Michael B. Eichorn" , freebsd-questions Subject: Re: replace uname -a informational string Message-ID: <20151023225524.GJ31202@mailboy.kipshouse.net> References: <20151023090805.5484ce9b@freyja.zeit4.iv.bundesimmobilien.de> <1445622325.1169.29.camel@michaeleichorn.com> <20151023225424.49220466.ohartman@zedat.fu-berlin.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20151023225424.49220466.ohartman@zedat.fu-berlin.de> X-Arbitrary-Number-Of-The-Day: 42 X-URL: http://www.kipshouse.org/karly X-Work-URL: http://www.cisco.com/ X-Disclaimer: My opinions do not necessarily represent those of my employer. User-Agent: Mutt/1.5.20 (2009-12-10) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Oct 2015 23:05:47 -0000 O. Hartmann(ohartman@zedat.fu-berlin.de)@2015.10.23 22:54:24 +0200: > Am Fri, 23 Oct 2015 13:45:25 -0400 > "Michael B. Eichorn" schrieb: > > > First of all: Thank you very much for your concerns and answers. > > > On Fri, 2015-10-23 at 09:08 +0200, O. Hartmann wrote: > > > For security purposes, I need to replace the informations given by > > > "uname -a" > > > to hode the kernel build system, name et cetera. > > > > I presume you intendend 'hide' here? > > > > If you want to scrub a binaries of _all_ information about the building > > system this is a problem Debian is actively working on called > > 'reproducible builds' but is not possible today. > > > > https://reproducible.debian.net > > > > If you want to hide the hostname, why not just build with a different > > hostname set? > > Because it is not only the hostname, uname reveals the target host, date and OS version. > > In our case, the image ist built on a dedicated host for a security appliabce based on > NanoBSD and I'd like to hide the OS type, the OS name, the build box' name and the build > date. Perhaps you could mv or rm /usr/bin/uname and replace it with your own script or binary that outputs whatever you want it to. -karl > > > > > > > > > Is there a way to achieve this via setting some knobs in the process of > > > a > > > buildkernel? > > > > > > Please CC me, I'm not subscriber of the list. > > > > > > Kind regards and thanks in advance, > > > > > > O. Hartmann > >